nanog mailing list archives
Re: sniffer/promisc detector
From: Jason Slagle <raistlin () tacorp net>
Date: Thu, 22 Jan 2004 19:13:49 -0500 (EST)
Mine too. So nmap sucks if you want to quickly identify daemons running on strange ports. No big deal. This discussion wasn't about nmap to start with. The point of the discussion was whether it made sense to run services on non-standard ports to deter cr4x0rs. And I feel it doesn't.
I've sat here and watched this discussion and kept my thoughts to myself because I'm thinking "Maybe I'm missing something", but I don't think I am.

I don't think the OP ever hinted at the fact that he runs VULNERABLE services on another port. He just states that running SERVICES on alternative ports makes the automated worms/etc miss you. This may give you the time you need to get patched. It's part of a whole group of defenses, not the only one.

sshd exploit is known to the kiddies for 3 weeks before getting public. By the time it's public, a worm is out to own systems with it. The worm targets 22. If you are running there and don't upgrade before the worm hits you, you're infected. If you were on another port, you'd likely have a bit more time to upgrade.

This isn't about hiding the safe and leaving it unlocked, it's about not putting it out in the middle of a busy intersection frequented by crooks. If they target your safe, you're in trouble anyways - having it out of the way makes it less likely the casual crook will go "Oh that safe can be opened like this" and walk away with your money.

Jason

--
Jason Slagle - CCNP - CCDP
ASCII Ribbon Campaign - NO HTML/RTF in e-mail - NO Word docs in e-mail